package com.xiyu.service.service.infra.auth;

import cn.hutool.core.util.ObjectUtil;
import com.xiyu.service.enums.common.CommonStatusEnum;
import com.xiyu.service.enums.common.UserTypeEnum;
import com.xiyu.service.util.servlet.ServletUtils;
import com.xiyu.service.util.validation.ValidationUtils;
import com.xiyu.service.vo.infra.logger.loginlog.LoginLogCreateReqVO;
import com.xiyu.service.convert.infra.auth.AuthConvert;
import com.xiyu.service.enums.system.login.SystemLoginTypeEnum;
import com.xiyu.service.enums.system.login.SystemLoginResultEnum;
import com.xiyu.service.enums.infra.oauth2.OAuth2ClientConstants;
import com.xiyu.service.model.infra.oauth2.SystemOauth2AccessToken;
import com.xiyu.service.model.system.user.SystemUser;
import com.xiyu.service.service.infra.logger.LoginLogService;
import com.xiyu.service.service.infra.oauth2.Oauth2TokenService;
import com.xiyu.service.service.system.user.UserService;
import com.xiyu.service.vo.infra.auth.*;
import com.xingyuv.captcha.model.common.ResponseModel;
import com.xingyuv.captcha.model.vo.CaptchaVO;
import com.xingyuv.captcha.service.CaptchaService;
import com.google.common.annotations.VisibleForTesting;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

import jakarta.annotation.Resource;
import jakarta.validation.Validator;
import java.util.Objects;
import java.util.Optional;

import static com.xiyu.service.framework.exception.util.ServiceExceptionUtil.exception;
import static com.xiyu.service.util.servlet.ServletUtils.getClientIP;
import static com.xiyu.service.errorCode.infra.ErrorCodeConstants.*;

/**
 * Auth Service 实现类
 *
 * @author 芋道源码
 */
@Service
@Slf4j
public class AdminAuthServiceImpl implements AdminAuthService {

    @Resource
    private UserService userService;
    @Resource
    private LoginLogService loginLogService;
    @Resource
    private Oauth2TokenService oauth2TokenService;
    @Resource
    private Validator validator;
    @Resource
    private CaptchaService captchaService;

    /**
     * 验证码的开关，默认为 true
     */
    @Value("${xiyu.captcha.enable:true}")
    private Boolean captchaEnable;

    @Override
    public SystemUser authenticate(String username, String password) {
        final SystemLoginTypeEnum logTypeEnum = SystemLoginTypeEnum.LOGIN_USERNAME;
        // 校验账号是否存在
        Optional<SystemUser> opUser = userService.getUserByUsername(username);
        if (opUser.isEmpty()) {
            createLoginLog(null, username, logTypeEnum, SystemLoginResultEnum.BAD_CREDENTIALS);
            throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
        }
        if (!userService.isPasswordMatch(password, opUser.get().password())) {
            createLoginLog(opUser.get().id(), username, logTypeEnum, SystemLoginResultEnum.BAD_CREDENTIALS);
            throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
        }
        // 校验是否禁用
        if (ObjectUtil.notEqual(opUser.get().status(), CommonStatusEnum.ENABLE.getValue())) {
            createLoginLog(opUser.get().id(), username, logTypeEnum, SystemLoginResultEnum.USER_DISABLED);
            throw exception(AUTH_LOGIN_USER_DISABLED);
        }
        return opUser.get();
    }

    @Override
    public AuthLoginRespVO login(AuthLoginReqVO reqVO) {
        // 校验验证码
        validateCaptcha(reqVO);

        // 使用账号密码，进行登录
        SystemUser user = authenticate(reqVO.getUsername(), reqVO.getPassword());

        // 创建 Token 令牌，记录登录日志
        return createTokenAfterLoginSuccess(user.id(), reqVO.getUsername(), SystemLoginTypeEnum.LOGIN_USERNAME);
    }

    private void createLoginLog(Long userId, String username,
                                SystemLoginTypeEnum logTypeEnum, SystemLoginResultEnum loginResult) {
        // 插入登录日志
        LoginLogCreateReqVO reqDTO = new LoginLogCreateReqVO();
        reqDTO.setLogType(logTypeEnum.getValue());
        reqDTO.setUserId(userId);
        reqDTO.setUserType(getUserType().getValue());
        reqDTO.setUsername(username);
        reqDTO.setUserAgent(ServletUtils.getUserAgent());
        reqDTO.setUserIp(ServletUtils.getClientIP());
        reqDTO.setResult(loginResult.getValue());
        loginLogService.createLoginLog(reqDTO);
        // 更新最后登录时间
        if (userId != null && Objects.equals(SystemLoginResultEnum.SUCCESS.getValue(), loginResult.getValue())) {
            userService.updateUserLogin(userId, ServletUtils.getClientIP());
        }
    }

    @VisibleForTesting
    void validateCaptcha(AuthLoginReqVO reqVO) {
        // 如果验证码关闭，则不进行校验
        if (!captchaEnable) {
            return;
        }
        // 校验验证码
        ValidationUtils.validate(validator, reqVO, AuthLoginReqVO.CodeEnableGroup.class);
        CaptchaVO captchaVO = new CaptchaVO();
        captchaVO.setCaptchaVerification(reqVO.getCaptchaVerification());
        ResponseModel response = captchaService.verification(captchaVO);
        // 验证不通过
        if (!response.isSuccess()) {
            // 创建登录失败日志（验证码不正确)
            createLoginLog(null, reqVO.getUsername(), SystemLoginTypeEnum.LOGIN_USERNAME, SystemLoginResultEnum.CAPTCHA_CODE_ERROR);
            throw exception(AUTH_LOGIN_CAPTCHA_CODE_ERROR, response.getRepMsg());
        }
    }

    private AuthLoginRespVO createTokenAfterLoginSuccess(Long userId, String username, SystemLoginTypeEnum logType) {
        // 插入登陆日志
        createLoginLog(userId, username, logType, SystemLoginResultEnum.SUCCESS);
        // 创建访问令牌
        SystemOauth2AccessToken accessTokenDO = oauth2TokenService.createAccessToken(userId, getUserType().getValue(),
                OAuth2ClientConstants.CLIENT_ID_DEFAULT, null);
        // 构建返回结果
        return AuthConvert.INSTANCE.convert(accessTokenDO);
    }

    @Override
    public AuthLoginRespVO refreshToken(String refreshToken) {
        SystemOauth2AccessToken accessTokenDO = oauth2TokenService.refreshAccessToken(refreshToken, OAuth2ClientConstants.CLIENT_ID_DEFAULT);
        return AuthConvert.INSTANCE.convert(accessTokenDO);
    }

    @Override
    public void logout(String token, Integer logType) {
        // 删除访问令牌
        SystemOauth2AccessToken accessTokenDO = oauth2TokenService.removeAccessToken(token);
        if (accessTokenDO == null) {
            return;
        }
        // 删除成功，则记录登出日志
        createLogoutLog(accessTokenDO.userId(), accessTokenDO.userType(), logType);
    }

    private void createLogoutLog(Long userId, Integer userType, Integer logType) {
        LoginLogCreateReqVO reqDTO = new LoginLogCreateReqVO();
        reqDTO.setLogType(logType);
        reqDTO.setUserId(userId);
        reqDTO.setUserType(userType);
        if (ObjectUtil.equal(getUserType().getValue(), userType)) {
            reqDTO.setUsername(getUsername(userId));
        }
        reqDTO.setUserAgent(ServletUtils.getUserAgent());
        reqDTO.setUserIp(ServletUtils.getClientIP());
        reqDTO.setResult(SystemLoginResultEnum.SUCCESS.getValue());
        loginLogService.createLoginLog(reqDTO);
    }

    private String getUsername(Long userId) {
        if (userId == null) {
            return null;
        }
        Optional<SystemUser> user = userService.getUser(userId);
        return user.map(SystemUser::username).orElse(null);
    }

    private UserTypeEnum getUserType() {
        return UserTypeEnum.ADMIN;
    }

}
